Sorry, in this area I'm really a fool.Does your answer imply that h.s's concerns are covered?Would be nice!

Peter

OFFTOPIC: The highest German court is currently examinating the question, whether the "owner" of a WEB access is responsible for everything done using his address (unrecognized hacked WLAN, unrecognized physical host access by a family member, etc.)

Interests:I'm just a quiet simple person with a very quiet simple life living one day at a time..

European Union

Posted 13 April 2012 - 08:25 PM

Sorry, in this area I'm really a fool.Does your answer imply that h.s's concerns are covered?Would be nice!...

My apologies for not being clear: your concerns are covered (but require coding).

- Virustotal provides an API to fetch information about files- you calculate the sha1 hash of the file- query virustotal- get the results from their site- interpret the results

If I'm not mistaken, it is possible to trigger an event in javascript when elFinder uploads a file (you need to look into the docs).

Another possibility (not involving javascript and my favorite) is to add a cron job that will process all files publicly available and evaluate if anything suspicious is found or not and then react accordingly (remove the file for example).

My apologies for not being clear: your concerns are covered (but require coding).

- Virustotal provides an API to fetch information about files- you calculate the sha1 hash of the file- query virustotal- get the results from their site- interpret the results

If I'm not mistaken, it is possible to trigger an even in javascript when elFinder uploads a file (you need to look into the docs).

Another possibility (not involving javascript) is to add a cron job that will process all files publicly available and evaluate if anything suspicious is found or not and then react accordingly (remove the file for example).

A bit "Like Shakespeare": A lot of noise about nothing!

When the temp upload area is (as I understood) for "trusted people" (.script developers, developers, Tutorial Writers, ...) only: That's oky. We all trust these members.If we do not trust,not, let's stop any activity in this forum.

Interests:I'm just a quiet simple person with a very quiet simple life living one day at a time..

European Union

Posted 13 April 2012 - 09:01 PM

But seems that we are working with theory. Start your change as intended, and if there is something wrong, we will be able to repair.

For me it was just a suggesting of what I would change. For the moment there is not enough time. Still many other things need to get done before, would be nice if someone volunteered to implement changes/improvements.

Is the up-loader using PHP's upload functions? then we have the same limit as the download center.

Is there an api available for uploading files? I would like to make a WB script that the user could press a button or enable an option to automatically upload a log file to the temp area.
Ex. .Win7Pe_SELogssomelogfile.html

I can automate the creation of a file on the temporary host whenever all contents are clean. This way you (and others) can download this file and check the time stamp to know how long it is missing before the next folder clean up, perhaps we can increase the limit to 4 days.

That would work. I'll most likely use AutoIT to automate the process, so that should also provide a layer of defense against abuse, as the FTP account details can be compiled in the EXE. using autoit I can also read HTTP requests so if you have a script I can query that will return a timestamp until the next purge the user can be notified on upload how long the log will be available. that might work better than having a file in the temp server that could accidentally get deleted or modified.

Nope, either you have to redefine the meaning of the colors or have to introduce a new color. As "RED", by definition means, "We are working on fixing an issue",I just want to remind you that nobody has yet assured that any work is going on or will go on in future to get this fixed.